Consultant, Application Security Penetration Tester

Coalfire-posted 10 months ago
$126,000 - $138,000/Yr
Full-time • Entry Level
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world. We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. Coalfire’s AppSec team is composed of highly specialized application security testers. Not only are we ethical hackers, but trusted advisors, where true consultancy shines through. At Coalfire, we take pride in being a partner to our clients. On our AppSec team, you work individually, but also in large groups depending on engagements. Come join our fun team where you can showcase your abilities, deepen your technical skills, expand your knowledge, be mentored while mentoring others, and have a great time while doing it.

  • Perform application security assessments using penetration testing, threat modeling, and code review techniques.
  • Identify and remediate security vulnerabilities in web applications, APIs, cloud environments, and enterprise systems.
  • Conduct API security testing (SOAP, REST, GraphQL) and evaluate authentication/authorization mechanisms.
  • Analyze network security controls, including firewalls, SSL/TLS, encryption, and VPN configurations.
  • Collaborate with development teams to integrate security into the Secure Development Life Cycle (SDLC).
  • Conduct code reviews across various languages to identify security flaws and vulnerabilities.
  • Work with cloud security testing methodologies and ensure compliance with security standards.
  • Provide clear, well-written reports with actionable recommendations.
  • Consult with clients to explain findings, address security concerns, and provide remediation guidance.
  • Support mentorship and knowledge sharing within the team.
  • Lead and support penetration testing projects from start to finish.
  • Contribute to thought leadership through blog posts, conference talks, and R&D initiatives.
  • Stay up to date with security policies, industry best practices, and emerging threats.
  • Strong knowledge of OWASP Top 10 and ability to explain vulnerabilities and attack vectors.
  • Hands-on experience with web application security testing and exploits.
  • Proficiency in Linux, VMWare, and GitHub for security assessments.
  • Working knowledge of popular web technologies like .NET, Java EE, Node.js, Rails, or JavaScript.
  • Familiarity with code scanning and dynamic analysis tools.
  • Expertise in API security testing and protocol handling.
  • Experience working with cloud security principles (AWS, GCP, Azure).
  • Understanding of IAM policies and security configurations in cloud environments.
  • Strong problem-solving and critical-thinking skills.
  • Ability to work independently and collaborate with teams effectively.
  • Strong time management and ability to meet deadlines.
  • Excellent verbal and written communication skills—able to explain findings to technical and non-technical stakeholders.
  • Open to constructive feedback and continuous learning.
  • A passion for mentorship and knowledge sharing.
  • A client-centric mindset with a high level of professionalism and collaboration.
  • A sense of humor and a good collection of memes and GIFs!
  • Bachelor’s degree (four-year college or university) or equivalent combination of education and work experience.
  • Experience with AWS security concepts (IAM, STS, security controls, serverless architectures).
  • Hands-on experience with AWS services like S3, SQS, SNS, Lambda, and API Gateway.
  • Familiarity with DevSecOps, CI/CD security, and infrastructure automation.
  • Experience in mobile security (iOS/Android) and IoT testing.
  • Deep understanding of network and host-based penetration testing methodologies.
  • AWS Cloud Practitioner
  • AWS Certified Security – Specialty
  • Offensive Security Certified Professional (OSCP)
  • Flexible work model that empowers you to choose when and where you’ll work most effectively.
  • Paid parental leave.
  • Flexible time off.
  • Certification and training reimbursement.
  • Digital mental health and wellbeing support membership.
  • Comprehensive insurance options.
Track Jobs with Teal

Job Search Resources

AI Resume Builder
Software Tester Resume Examples
Software Tester Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service